This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.

Accept
Reject
Preferences
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

REST API logout not taking an effect

Go to solution
paweltrybus
8 - Cloud Apps
8 - Cloud Apps

‎07-05-2024 09:00 AM

Hello everyone! I am trying to trigger building the datamodel from Apache Airflow. I am following this path to do so:
- I use GET `api/v1/authentication/login` endpoint to generate an access token
- I use POST `api/v2/builds` endpoint to schedule a new build
- I use GET `api/v2/builds/<datamodelId>` endpoint to check the build status
- I use GET `api/v1/authentication/logout_all` endpoint to log out all the tokens generated for this service account.

The logout step returns status code 204 and no body. The problem is that the access token generated in step 1 is still valid and I can use it to schedule new build. This is big security threat. 

Have anyone met sth similar? How to solve the issue?

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
paweltrybus
8 - Cloud Apps
8 - Cloud Apps

‎07-12-2024 03:37 AM

The support team helped to solve the issue. It turned out it is not feasible to disable access tokens with `api/v1/authentication/logout_all` endpoint. Instead the support team suggested turning on the token expiration and letting it expire by themselves. It is the instruction to turn the token expiration:

  • Go to Sisense Admin -> Server & Hardware -> System Management -> Configuration
  • Click 5 times on the Sisense logo
  • Click Base
  • Search for Authentication and expand it
  • enable authentication.apiTokenExpiration and save the changes

Thanks for help!

 

View solution in original post

7 REPLIES 7

Go to solution
DRay
Community Team Leader
Community Team Leader

‎07-08-2024 12:02 PM

Hello @paweltrybus.

Thank you for reaching out. I'm engaging internal resources to get feedback on this.

David Raynor (DRay)
0 Kudos

Go to solution
DRay
Community Team Leader
Community Team Leader

‎07-08-2024 12:10 PM

In the meantime, have you reached out to Sisense support about this? They will be able to review logs and there might be a need for a patch or a fix from their side if this is identified as a bug.

David Raynor (DRay)
0 Kudos

Go to solution
DRay
Community Team Leader
Community Team Leader

‎07-08-2024 12:29 PM

Can you look at the logout call?  For the logout api, you need to supply to existing api token in the form 'Bearer' + <bearer token>

David Raynor (DRay)
0 Kudos

Go to solution
paweltrybus
8 - Cloud Apps
8 - Cloud Apps

‎07-08-2024 11:44 PM

Thanks for your answer @DRay  After seeing your message I contacted support and I am waiting for the response.

I am using the header `Authorization: "Bearer <token>"` for the `api/v1/authentication/logout_all` endpoint.

Go to solution
DRay
Community Team Leader
Community Team Leader
In response to paweltrybus

‎07-09-2024 02:06 PM

Excellent. Can you update us when you get it resolved?

Thank you.

David Raynor (DRay)
0 Kudos

Go to solution
paweltrybus
8 - Cloud Apps
8 - Cloud Apps

‎07-12-2024 03:37 AM

The support team helped to solve the issue. It turned out it is not feasible to disable access tokens with `api/v1/authentication/logout_all` endpoint. Instead the support team suggested turning on the token expiration and letting it expire by themselves. It is the instruction to turn the token expiration:

  • Go to Sisense Admin -> Server & Hardware -> System Management -> Configuration
  • Click 5 times on the Sisense logo
  • Click Base
  • Search for Authentication and expand it
  • enable authentication.apiTokenExpiration and save the changes

Thanks for help!

 

Go to solution
DRay
Community Team Leader
Community Team Leader
In response to paweltrybus

‎07-12-2024 09:36 AM

Thank you for the update. I'm glad you were able to get it sorted out!

David Raynor (DRay)
0 Kudos
Copyright © 2024 Khoros, LLC